CVE-2012-2091

Name of the Vulnerable Software and Affected Versions FlightGear versions 2.6 and earlier SimGear versions 2.6 and earlier

Description The issue is related to multiple buffer overflows that can be triggered by user-assisted remote attacks, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code. This can occur through either a long string in a rotor tag of an aircraft XML model to the Rotor::getValueforFGSet function or a crafted UDP packet to the SGSocketUDP::read function.

Recommendations For FlightGear versions 2.6 and earlier, consider updating to a version later than 2.6 to resolve the issue. For SimGear versions 2.6 and earlier, consider updating to a version later than 2.6 to resolve the issue. As a temporary workaround, consider restricting access to the Rotor::getValueforFGSet function and the SGSocketUDP::read function until a patch is available.